製品・ソフトウェアに関する情報

JVN脆弱性詳細

Adobe Flash Player および Adobe AIR における任意のコードを実行される脆弱性

Title	Adobe Flash Player および Adobe AIR における任意のコードを実行される脆弱性
Summary	Adobe Flash Player および Adobe AIR には、ActionScript native object 2200 connect メソッドの呼び出しに不備があるため、サービス運用妨害 (DoS) 状態となる、または任意のコードを実行される脆弱性が存在します。本脆弱性は、CVE-2010-2160、CVE-2010-2165、CVE-2010-2166、CVE-2010-2171、CVE- 2010-2175、CVE-2010-2176、CVE-2010-2177、CVE-2010-2178、CVE-2010-2180、CVE- 2010-2182、CVE-2010-2184 および CVE-2010-2187 とは異なる脆弱性です。
Possible impacts	攻撃者により、ActionScript native object 2200 connect メソッドを呼び出され、サービス運用妨害 (DoS) 状態にされる、または任意のコードを実行される可能性があります。
Solution	ベンダ情報及び参考情報を参照して適切な対策を実施してください。
Publication Date	June 10, 2010, midnight
Registration Date	Sept. 3, 2010, 4:33 p.m.
Last Update	Nov. 30, 2010, 2:07 p.m.

CVSS2.0 : 危険
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected System

レッドハット

Red Hat Enterprise Linux Extras 3 extras

Red Hat Enterprise Linux Extras 4 extras

Red Hat Enterprise Linux Extras 4.8.z extras

RHEL Desktop Supplementary 5 (client)

RHEL Supplementary 5 (server)

RHEL Supplementary EUS 5.4.z (server)

ヒューレット・パッカード

HP-UX 11.23

HP-UX 11.31

ターボリナックス

Turbolinux Client 2008

アドビシステムズ

Adobe AIR 1.5.3.9130

Adobe AIR 2.0.2.12610

Adobe Flash CS3 Professional

Adobe Flash CS4 Professional

Adobe Flash Professional CS5

Adobe Flash Player 10.0.45.2 およびそれ以前

Adobe Flash Player 10.1.53.64 およびそれ以前

Adobe Flex 3

Adobe Flex 4

アップル

Apple Mac OS X v10.5.8

Apple Mac OS X v10.6 から v10.6.4

Apple Mac OS X Server v10.5.8

Apple Mac OS X Server v10.6 から v10.6.4

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-2188	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
National Vulnerability Database (NVD)
2	CVE-2010-2188	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2188

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Adobe Security Bulletin
1	APSB10-14	http://www.adobe.com/support/security/bulletins/apsb10-14.html
2	APSB10-16	http://www.adobe.com/support/security/bulletins/apsb10-16.html
Adobe セキュリティ情報
3	APSB10-14	http://www.adobe.com/jp/support/security/bulletins/apsb10-14.html
4	APSB10-16	http://www.adobe.com/jp/support/security/bulletins/apsb10-16.html
Apple Security Updates
5	HT4435	http://support.apple.com/kb/HT4435
Apple セキュリティアップデート
6	HT4435	http://support.apple.com/kb/HT4435?viewlocale=ja_JP
HP Security Bulletin
7	HPSBMA02547	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02273751
Red Hat Security Advisory
8	RHSA-2010:0464	https://rhn.redhat.com/errata/RHSA-2010-0464.html
9	RHSA-2010:0470	https://rhn.redhat.com/errata/RHSA-2010-0470.html
Turbolinux Security Advisory
10	TLSA-2010-19	http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
富士通セキュリティ情報
11	TA10-223A	http://software.fujitsu.com/jp/security/vulnerabilities/ta10-223a.html

その他

No	Name	URL
ISS X-Force Database
1	59337	http://xforce.iss.net/xforce/xfdb/59337
JPCERT 緊急報告
2	JPCERT-AT-2010-0021	http://www.jpcert.or.jp/at/2010/at100021.txt
JVN
3	JVNTA10-162A	http://jvn.jp/cert/JVNTA10-162A
4	JVNTA10-223A	http://jvn.jp/cert/JVNTA10-223A
5	JVNVU#331391	http://jvn.jp/cert/JVNVU331391
Secunia Advisory
6	SA40026	http://secunia.com/advisories/40026
7	SA40144	http://secunia.com/advisories/40144
8	SA40545	http://secunia.com/advisories/40545
SecurityFocus
9	40798	http://www.securityfocus.com/bid/40798
SecurityTracker
10	1024085	http://securitytracker.com/id?1024085
11	1024086	http://securitytracker.com/id?1024086
US-CERT Cyber Security Alerts
12	SA10-162A	http://www.us-cert.gov/cas/alerts/SA10-162A.html
13	SA10-223A	http://www.us-cert.gov/cas/alerts/SA10-223A.html
US-CERT Technical Cyber Security Alert
14	TA10-162A	http://www.us-cert.gov/cas/techalerts/TA10-162A.html
15	TA10-223A	http://www.us-cert.gov/cas/techalerts/TA10-223A.html
VUPEN Security
16	VUPEN/ADV-2010-1421	http://www.vupen.com/english/advisories/2010/1421
17	VUPEN/ADV-2010-1432	http://www.vupen.com/english/advisories/2010/1432
18	VUPEN/ADV-2010-1453	http://www.vupen.com/english/advisories/2010/1453
19	VUPEN/ADV-2010-1482	http://www.vupen.com/english/advisories/2010/1482
20	VUPEN/ADV-2010-1522	http://www.vupen.com/english/advisories/2010/1522
21	VUPEN/ADV-2010-1793	http://www.vupen.com/english/advisories/2010/1793
警察庁 @police
22	アドビシステムズ社の Adobe Flash Player のセキュリティ修正プログラムについて	http://www.npa.go.jp/cyberpolice/#topics

Change Log

No	Changed Details	Date of change
0	[2010年09月03日] 掲載 [2010年11月30日] 影響を受けるシステム：アップル (HT4435) の情報を追加ベンダ情報：アップル (HT4435) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-2188

Summary	Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.
Publication Date	June 16, 2010, 3 a.m.
Registration Date	Jan. 29, 2021, 11:02 a.m.
Last Update	Nov. 21, 2024, 10:16 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player:9.0.125.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.48.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.262.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.124.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.47.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.260.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.159.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.16:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28:::::::*
cpe:2.3:a:adobe:flash_player:9.0.45.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31:::::::*
cpe:2.3:a:adobe:flash_player:9.0.115.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.151.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20:::::::*
cpe:2.3:a:adobe:flash_player:9.0.246.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.152.0:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player::::::::		10.0.45.2
cpe:2.3:a:adobe:flash_player:10.0.15.3:::::::*
cpe:2.3:a:adobe:flash_player:10.0.12.36:::::::*
cpe:2.3:a:adobe:flash_player:10.0.42.34:::::::*
cpe:2.3:a:adobe:flash_player:10.0.0.584:::::::*
cpe:2.3:a:adobe:flash_player:10.0.22.87:::::::*
cpe:2.3:a:adobe:flash_player:10.0.32.18:::::::*
cpe:2.3:a:adobe:flash_player:10.0.12.10:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:macromedia:flash_player:5.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.24.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.14.0:::::::*
cpe:2.3:a:adobe:flash_player:6.0.79:::::::*
cpe:2.3:a:adobe:flash_player:7.0.66.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.60.0:::::::*
cpe:2.3:a:adobe:flash_player:7.1.1:::::::*
cpe:2.3:a:adobe:flash_player:7.0.63:::::::*
cpe:2.3:a:adobe:flash_player:7.0.70.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.19.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.35.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.53.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.67.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.22.0:::::::*
cpe:2.3:a:macromedia:flash_player:5.0.42.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.42.0:::::::*
cpe:2.3:a:macromedia:flash_player:5.0.58.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.69.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0:::::::*
cpe:2.3:a:adobe:flash_player:7.2:::::::*
cpe:2.3:a:adobe:flash_player:7.0.68.0:::::::*
cpe:2.3:a:macromedia:flash_player:5.0.41.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.25:::::::*
cpe:2.3:a:adobe:flash_player:8.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.33.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.24.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.39.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.73.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.34.0:::::::*
cpe:2.3:a:adobe:flash_player:7.1:::::::*
cpe:2.3:a:macromedia:flash_player:5.0.30.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.61.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.1:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:adobe:air:1.5.2:::::::*
cpe:2.3:a:adobe:air:1.5.3:::::::*
cpe:2.3:a:adobe:air:1.5:::::::*
cpe:2.3:a:adobe:air:1.0:::::::*
cpe:2.3:a:adobe:air:1.1:::::::*
cpe:2.3:a:adobe:air::::::::		1.5.3.9130
cpe:2.3:a:adobe:air:1.5.1:::::::*

Related information, measures and tools

No	URL	タグ
1	http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
2	http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
3	http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
4	http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
5	http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
6	http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
7	http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
8	http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
9	http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
10	http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
11	http://secunia.com/advisories/40144
12	http://secunia.com/advisories/40144
13	http://secunia.com/advisories/40545
14	http://secunia.com/advisories/40545
15	http://secunia.com/advisories/43026
16	http://secunia.com/advisories/43026
17	http://security.gentoo.org/glsa/glsa-201101-09.xml
18	http://security.gentoo.org/glsa/glsa-201101-09.xml
19	http://securitytracker.com/id?1024085
20	http://securitytracker.com/id?1024085
21	http://securitytracker.com/id?1024086
22	http://securitytracker.com/id?1024086
23	http://support.apple.com/kb/HT4435
24	http://support.apple.com/kb/HT4435
25	http://www.adobe.com/support/security/bulletins/apsb10-14.html	Patch Vendor Advisory
26	http://www.adobe.com/support/security/bulletins/apsb10-14.html	Patch Vendor Advisory
27	http://www.adobe.com/support/security/bulletins/apsb10-16.html
28	http://www.adobe.com/support/security/bulletins/apsb10-16.html
29	http://www.redhat.com/support/errata/RHSA-2010-0464.html
30	http://www.redhat.com/support/errata/RHSA-2010-0464.html
31	http://www.redhat.com/support/errata/RHSA-2010-0470.html
32	http://www.redhat.com/support/errata/RHSA-2010-0470.html
33	http://www.securityfocus.com/archive/1/511924/100/0/threaded
34	http://www.securityfocus.com/archive/1/511924/100/0/threaded
35	http://www.securityfocus.com/bid/40759
36	http://www.securityfocus.com/bid/40759
37	http://www.securityfocus.com/bid/40798
38	http://www.securityfocus.com/bid/40798
39	http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
40	http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
41	http://www.us-cert.gov/cas/techalerts/TA10-162A.html	US Government Resource
42	http://www.us-cert.gov/cas/techalerts/TA10-162A.html	US Government Resource
43	http://www.vupen.com/english/advisories/2010/1421
44	http://www.vupen.com/english/advisories/2010/1421
45	http://www.vupen.com/english/advisories/2010/1432
46	http://www.vupen.com/english/advisories/2010/1432
47	http://www.vupen.com/english/advisories/2010/1434
48	http://www.vupen.com/english/advisories/2010/1434
49	http://www.vupen.com/english/advisories/2010/1453
50	http://www.vupen.com/english/advisories/2010/1453
51	http://www.vupen.com/english/advisories/2010/1482
52	http://www.vupen.com/english/advisories/2010/1482
53	http://www.vupen.com/english/advisories/2010/1522
54	http://www.vupen.com/english/advisories/2010/1522
55	http://www.vupen.com/english/advisories/2010/1793
56	http://www.vupen.com/english/advisories/2010/1793
57	http://www.vupen.com/english/advisories/2011/0192
58	http://www.vupen.com/english/advisories/2011/0192
59	http://www.zerodayinitiative.com/advisories/ZDI-10-111
60	http://www.zerodayinitiative.com/advisories/ZDI-10-111
61	https://exchange.xforce.ibmcloud.com/vulnerabilities/59337
62	https://exchange.xforce.ibmcloud.com/vulnerabilities/59337
63	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16271
64	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16271
65	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6946
66	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6946

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player:9.0.125.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.48.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.262.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.124.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.47.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.260.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.159.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.16:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28:::::::*
cpe:2.3:a:adobe:flash_player:9.0.45.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31:::::::*
cpe:2.3:a:adobe:flash_player:9.0.115.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.151.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20:::::::*
cpe:2.3:a:adobe:flash_player:9.0.246.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.152.0:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player::::::::		10.0.45.2
cpe:2.3:a:adobe:flash_player:10.0.15.3:::::::*
cpe:2.3:a:adobe:flash_player:10.0.12.36:::::::*
cpe:2.3:a:adobe:flash_player:10.0.42.34:::::::*
cpe:2.3:a:adobe:flash_player:10.0.0.584:::::::*
cpe:2.3:a:adobe:flash_player:10.0.22.87:::::::*
cpe:2.3:a:adobe:flash_player:10.0.32.18:::::::*
cpe:2.3:a:adobe:flash_player:10.0.12.10:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:macromedia:flash_player:5.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.24.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.14.0:::::::*
cpe:2.3:a:adobe:flash_player:6.0.79:::::::*
cpe:2.3:a:adobe:flash_player:7.0.66.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.60.0:::::::*
cpe:2.3:a:adobe:flash_player:7.1.1:::::::*
cpe:2.3:a:adobe:flash_player:7.0.63:::::::*
cpe:2.3:a:adobe:flash_player:7.0.70.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.19.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.35.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.53.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.67.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.22.0:::::::*
cpe:2.3:a:macromedia:flash_player:5.0.42.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.42.0:::::::*
cpe:2.3:a:macromedia:flash_player:5.0.58.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.69.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0:::::::*
cpe:2.3:a:adobe:flash_player:7.2:::::::*
cpe:2.3:a:adobe:flash_player:7.0.68.0:::::::*
cpe:2.3:a:macromedia:flash_player:5.0.41.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.25:::::::*
cpe:2.3:a:adobe:flash_player:8.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.33.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.24.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.39.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.73.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.34.0:::::::*
cpe:2.3:a:adobe:flash_player:7.1:::::::*
cpe:2.3:a:macromedia:flash_player:5.0.30.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.61.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.1:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:adobe:air:1.5.2:::::::*
cpe:2.3:a:adobe:air:1.5.3:::::::*
cpe:2.3:a:adobe:air:1.5:::::::*
cpe:2.3:a:adobe:air:1.0:::::::*
cpe:2.3:a:adobe:air:1.1:::::::*
cpe:2.3:a:adobe:air::::::::		1.5.3.9130
cpe:2.3:a:adobe:air:1.5.1:::::::*