CVE-2010-2179

{"id": "CVE-2010-2179", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-06-15T18:00:01.717", "references": [{"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751", "tags": ["Third Party Advisory"], "source": "psirt@adobe.com"}, {"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "psirt@adobe.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html", "tags": ["Third Party Advisory"], "source": "psirt@adobe.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", "tags": ["Third Party Advisory"], "source": "psirt@adobe.com"}, {"url": "http://secunia.com/advisories/40144", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://secunia.com/advisories/40545", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://secunia.com/advisories/43026", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml", "tags": ["Third Party Advisory"], "source": "psirt@adobe.com"}, {"url": "http://securitytracker.com/id?1024085", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "http://securitytracker.com/id?1024086", "tags": ["Broken Link", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "http://support.apple.com/kb/HT4435", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html", "tags": ["Broken Link", "Patch", "Third Party Advisory", "Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html", "tags": ["Broken Link", "Third Party Advisory"], "source": "psirt@adobe.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html", "tags": ["Broken Link", "Third Party Advisory"], "source": "psirt@adobe.com"}, {"url": "http://www.securityfocus.com/bid/40759", "tags": ["Broken Link", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "http://www.securityfocus.com/bid/40808", "tags": ["Broken Link", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1421", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1432", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1434", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1453", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1482", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1522", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1793", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0192", "tags": ["Broken Link"], "source": "psirt@adobe.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59328", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@adobe.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7126", "tags": ["Broken Link"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Adobe Flash Player anterior a v9.0.277.0 y v10.x anterior a v10.1.53.64, y Adobe Air anterior a v2.0.2.12610, cuando se usa FireFox o Chrome permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados relacionados con el parseo de URLs."}], "lastModified": "2022-09-15T13:29:29.317", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20C3001C-53F0-4C18-9CC8-89BDF8C6087D", "versionEndExcluding": "9.0.277.0"}, {"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F116B4ED-9BC6-4750-B87F-4E5FF2B2B1F3", "versionEndExcluding": "10.1.53.64", "versionStartIncluding": "10.0.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "39B565E1-C2F1-44FC-A517-E3130332B17C"}, {"criteria": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97D4FFCF-5309-43B6-9FD5-680C6D535A7F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A520EA13-9274-4E10-84B5-1F1FD9E5CE86", "versionEndExcluding": "2.0.2.12610"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "39B565E1-C2F1-44FC-A517-E3130332B17C"}, {"criteria": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97D4FFCF-5309-43B6-9FD5-680C6D535A7F"}], "operator": "OR"}], "operator": "AND"}], "evaluatorImpact": "Per: http://www.adobe.com/support/security/bulletins/apsb10-14.html\r\n\r\n'Affected software versions\r\n\r\nAdobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris\r\n\r\nAdobe AIR 1.5.3.9130 and earlier versions for Windows, Macintosh and Linux'\r\n", "sourceIdentifier": "psirt@adobe.com", "evaluatorSolution": "Per: http://www.adobe.com/support/security/bulletins/apsb10-14.html\r\n\r\n'This update resolves a URL parsing vulnerability that could lead to cross-site scripting (Firefox and Chrome browsers only) (CVE-2010-2179).'"}