製品・ソフトウェアに関する情報

JVN脆弱性詳細

Adobe Flash Player および Adobe AIR における整数オーバーフローの脆弱性

タイトル	Adobe Flash Player および Adobe AIR における整数オーバーフローの脆弱性
概要	Adobe Flash Player および Adobe AIR には、整数オーバーフローの脆弱性が存在します。本脆弱性は、CVE-2010-2181 および CVE-2010-2183 とは異なる脆弱性です。
想定される影響	攻撃者により、任意のコードを実行される可能性があります。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2010年6月10日0:00
登録日	2010年7月6日20:12
最終更新日	2010年11月29日15:21

CVSS2.0 : 危険
スコア	9.3
ベクター	AV:N/AC:M/Au:N/C:C/I:C/A:C

影響を受けるシステム

レッドハット

Red Hat Enterprise Linux Extras 3 extras

Red Hat Enterprise Linux Extras 4 extras

Red Hat Enterprise Linux Extras 4.8.z extras

RHEL Desktop Supplementary 5 (client)

RHEL Supplementary 5 (server)

RHEL Supplementary EUS 5.4.z (server)

ターボリナックス

Turbolinux Client 2008

アドビシステムズ

Adobe AIR 1.5.3.9130 およびそれ以前

Adobe Flash Player 10.0.45.2 およびそれ以前

アップル

Apple Mac OS X v10.5.8

Apple Mac OS X v10.6 から v10.6.4

Apple Mac OS X Server v10.5.8

Apple Mac OS X Server v10.6 から v10.6.4

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-2170	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
National Vulnerability Database (NVD)
2	CVE-2010-2170	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2170

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-189	https://jvndb.jvn.jp/ja/cwe/CWE-189.html

ベンダー情報

No	名前	URL
Adobe Security Bulletin
1	APSB10-14	http://www.adobe.com/support/security/bulletins/apsb10-14.html
Adobe セキュリティ情報
2	APSB10-14	http://www.adobe.com/jp/support/security/bulletins/apsb10-14.html
Apple Security Updates
3	HT4435	http://support.apple.com/kb/HT4435
Apple セキュリティアップデート
4	HT4435	http://support.apple.com/kb/HT4435?viewlocale=ja_JP
Red Hat Security Advisory
5	RHSA-2010:0464	https://rhn.redhat.com/errata/RHSA-2010-0464.html
6	RHSA-2010:0470	https://rhn.redhat.com/errata/RHSA-2010-0470.html
富士通セキュリティ情報
7	TA10-159A	http://software.fujitsu.com/jp/security/vulnerabilities/ta10-159a.html
8	TA10-162A	http://software.fujitsu.com/jp/security/vulnerabilities/ta10-162a.html
製品セキュリティ情報
9	TLSA-2010-19	http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt

その他

No	名前	URL
IPA 緊急対策情報
1	20100611-adobe	http://www.ipa.go.jp/security/ciadr/vul/20100611-adobe.html
JPCERT 緊急報告
2	JPCERT-AT-2010-0015	https://www.jpcert.or.jp/at/2010/at100015.txt
3	JPCERT-AT-2010-0017	https://www.jpcert.or.jp/at/2010/at100017.txt
JVN
4	JVNTA10-159A	http://jvn.jp/cert/JVNTA10-159A/index.html
5	JVNTA10-162A	http://jvn.jp/cert/JVNTA10-162A/index.html
6	JVNVU#331391	http://jvn.jp/cert/JVNVU331391
JVN Status Tracking Notes
7	JVNTR-2010-16	http://jvn.jp/tr/JVNTR-2010-16/
Secunia Advisory
8	SA40026	http://secunia.com/advisories/40026
9	SA40144	http://secunia.com/advisories/40144
SecurityFocus
10	40789	http://www.securityfocus.com/bid/40789
SecurityTracker
11	1024085	http://securitytracker.com/id?1024085
12	1024086	http://securitytracker.com/id?1024086
US-CERT Cyber Security Alerts
13	SA10-159A	http://www.us-cert.gov/cas/alerts/SA10-159A.html
14	SA10-162A	http://www.us-cert.gov/cas/alerts/SA10-162A.html
US-CERT Technical Cyber Security Alert
15	TA10-159A	http://www.us-cert.gov/cas/techalerts/TA10-159A.html
16	TA10-162A	http://www.us-cert.gov/cas/techalerts/TA10-162A.html
VUPEN Security
17	VUPEN/ADV-2010-1421	http://www.vupen.com/english/advisories/2010/1421
18	VUPEN/ADV-2010-1432	http://www.vupen.com/english/advisories/2010/1432
19	VUPEN/ADV-2010-1453	http://www.vupen.com/english/advisories/2010/1453
20	VUPEN/ADV-2010-1522	http://www.vupen.com/english/advisories/2010/1522
警察庁 @police
21	アドビシステムズ社の Adobe Flash Player のセキュリティ修正プログラムについて	http://www.npa.go.jp/cyberpolice/#topics

変更履歴

No	変更内容	変更日
0	[2010年07月06日] 掲載 [2010年11月29日] 影響を受けるシステム：アップル (HT4435) の情報を追加ベンダ情報：アップル (HT4435) を追加	2018年2月17日10:37

NVD脆弱性情報

CVE-2010-2170

概要	Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183.
公表日	2010年6月16日3:00
登録日	2021年1月29日11:02
最終更新日	2024年11月21日10:16

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:adobe:flash_player:9.0.125.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.48.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.262.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.124.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.47.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.260.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.159.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.16:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28:::::::*
cpe:2.3:a:adobe:flash_player:9.0.45.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31:::::::*
cpe:2.3:a:adobe:flash_player:9.0.115.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.151.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20:::::::*
cpe:2.3:a:adobe:flash_player:9.0.246.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.152.0:::::::*

構成2	以上	以下	より上	未満
cpe:2.3:a:adobe:flash_player::::::::		10.0.45.2
cpe:2.3:a:adobe:flash_player:10.0.15.3:::::::*
cpe:2.3:a:adobe:flash_player:10.0.12.36:::::::*
cpe:2.3:a:adobe:flash_player:10.0.42.34:::::::*
cpe:2.3:a:adobe:flash_player:10.0.0.584:::::::*
cpe:2.3:a:adobe:flash_player:10.0.22.87:::::::*
cpe:2.3:a:adobe:flash_player:10.0.32.18:::::::*
cpe:2.3:a:adobe:flash_player:10.0.12.10:::::::*

構成3	以上	以下	より上	未満
cpe:2.3:a:macromedia:flash_player:5.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.24.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.14.0:::::::*
cpe:2.3:a:adobe:flash_player:6.0.79:::::::*
cpe:2.3:a:adobe:flash_player:7.0.66.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.60.0:::::::*
cpe:2.3:a:adobe:flash_player:7.1.1:::::::*
cpe:2.3:a:adobe:flash_player:7.0.63:::::::*
cpe:2.3:a:adobe:flash_player:7.0.70.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.19.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.35.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.53.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.67.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.22.0:::::::*
cpe:2.3:a:macromedia:flash_player:5.0.42.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.42.0:::::::*
cpe:2.3:a:macromedia:flash_player:5.0.58.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.69.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0:::::::*
cpe:2.3:a:adobe:flash_player:7.2:::::::*
cpe:2.3:a:adobe:flash_player:7.0.68.0:::::::*
cpe:2.3:a:macromedia:flash_player:5.0.41.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.25:::::::*
cpe:2.3:a:adobe:flash_player:8.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.33.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.24.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.39.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.73.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.34.0:::::::*
cpe:2.3:a:adobe:flash_player:7.1:::::::*
cpe:2.3:a:macromedia:flash_player:5.0.30.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.61.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.1:::::::*

構成4	以上	以下	より上	未満
cpe:2.3:a:adobe:air:1.5.2:::::::*
cpe:2.3:a:adobe:air:1.5.3:::::::*
cpe:2.3:a:adobe:air:1.5:::::::*
cpe:2.3:a:adobe:air:1.0:::::::*
cpe:2.3:a:adobe:air:1.1:::::::*
cpe:2.3:a:adobe:air::::::::		1.5.3.9130
cpe:2.3:a:adobe:air:1.5.1:::::::*

関連情報、対策とツール

No	URL	タグ
1	http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
2	http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
3	http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
4	http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
5	http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
6	http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
7	http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
8	http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
9	http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
10	http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
11	http://secunia.com/advisories/40144
12	http://secunia.com/advisories/40144
13	http://secunia.com/advisories/40545
14	http://secunia.com/advisories/40545
15	http://secunia.com/advisories/43026
16	http://secunia.com/advisories/43026
17	http://security.gentoo.org/glsa/glsa-201101-09.xml
18	http://security.gentoo.org/glsa/glsa-201101-09.xml
19	http://securitytracker.com/id?1024085
20	http://securitytracker.com/id?1024085
21	http://securitytracker.com/id?1024086
22	http://securitytracker.com/id?1024086
23	http://support.apple.com/kb/HT4435
24	http://support.apple.com/kb/HT4435
25	http://www.adobe.com/support/security/bulletins/apsb10-14.html	Patch Vendor Advisory
26	http://www.adobe.com/support/security/bulletins/apsb10-14.html	Patch Vendor Advisory
27	http://www.redhat.com/support/errata/RHSA-2010-0464.html
28	http://www.redhat.com/support/errata/RHSA-2010-0464.html
29	http://www.redhat.com/support/errata/RHSA-2010-0470.html
30	http://www.redhat.com/support/errata/RHSA-2010-0470.html
31	http://www.securityfocus.com/bid/40759
32	http://www.securityfocus.com/bid/40759
33	http://www.securityfocus.com/bid/40789
34	http://www.securityfocus.com/bid/40789
35	http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
36	http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
37	http://www.us-cert.gov/cas/techalerts/TA10-162A.html	US Government Resource
38	http://www.us-cert.gov/cas/techalerts/TA10-162A.html	US Government Resource
39	http://www.vupen.com/english/advisories/2010/1421
40	http://www.vupen.com/english/advisories/2010/1421
41	http://www.vupen.com/english/advisories/2010/1432
42	http://www.vupen.com/english/advisories/2010/1432
43	http://www.vupen.com/english/advisories/2010/1434
44	http://www.vupen.com/english/advisories/2010/1434
45	http://www.vupen.com/english/advisories/2010/1453
46	http://www.vupen.com/english/advisories/2010/1453
47	http://www.vupen.com/english/advisories/2010/1482
48	http://www.vupen.com/english/advisories/2010/1482
49	http://www.vupen.com/english/advisories/2010/1522
50	http://www.vupen.com/english/advisories/2010/1522
51	http://www.vupen.com/english/advisories/2010/1793
52	http://www.vupen.com/english/advisories/2010/1793
53	http://www.vupen.com/english/advisories/2011/0192
54	http://www.vupen.com/english/advisories/2011/0192
55	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16348
56	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16348
57	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6766
58	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6766

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html

構成1	以上	以下	より上	未満
cpe:2.3:a:adobe:flash_player:9.0.125.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.48.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.262.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.124.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.47.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.260.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.159.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.16:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.28:::::::*
cpe:2.3:a:adobe:flash_player:9.0.45.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.31:::::::*
cpe:2.3:a:adobe:flash_player:9.0.115.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.151.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.20:::::::*
cpe:2.3:a:adobe:flash_player:9.0.246.0:::::::*
cpe:2.3:a:adobe:flash_player:9.0.152.0:::::::*

構成2	以上	以下	より上	未満
cpe:2.3:a:adobe:flash_player::::::::		10.0.45.2
cpe:2.3:a:adobe:flash_player:10.0.15.3:::::::*
cpe:2.3:a:adobe:flash_player:10.0.12.36:::::::*
cpe:2.3:a:adobe:flash_player:10.0.42.34:::::::*
cpe:2.3:a:adobe:flash_player:10.0.0.584:::::::*
cpe:2.3:a:adobe:flash_player:10.0.22.87:::::::*
cpe:2.3:a:adobe:flash_player:10.0.32.18:::::::*
cpe:2.3:a:adobe:flash_player:10.0.12.10:::::::*

構成3	以上	以下	より上	未満
cpe:2.3:a:macromedia:flash_player:5.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.24.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.14.0:::::::*
cpe:2.3:a:adobe:flash_player:6.0.79:::::::*
cpe:2.3:a:adobe:flash_player:7.0.66.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.60.0:::::::*
cpe:2.3:a:adobe:flash_player:7.1.1:::::::*
cpe:2.3:a:adobe:flash_player:7.0.63:::::::*
cpe:2.3:a:adobe:flash_player:7.0.70.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.19.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.35.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.53.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.67.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.22.0:::::::*
cpe:2.3:a:macromedia:flash_player:5.0.42.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.42.0:::::::*
cpe:2.3:a:macromedia:flash_player:5.0.58.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.69.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0:::::::*
cpe:2.3:a:adobe:flash_player:7.2:::::::*
cpe:2.3:a:adobe:flash_player:7.0.68.0:::::::*
cpe:2.3:a:macromedia:flash_player:5.0.41.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.25:::::::*
cpe:2.3:a:adobe:flash_player:8.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.33.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.24.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.39.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.73.0:::::::*
cpe:2.3:a:adobe:flash_player:8.0.34.0:::::::*
cpe:2.3:a:adobe:flash_player:7.1:::::::*
cpe:2.3:a:macromedia:flash_player:5.0.30.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.61.0:::::::*
cpe:2.3:a:adobe:flash_player:7.0.1:::::::*

構成4	以上	以下	より上	未満
cpe:2.3:a:adobe:air:1.5.2:::::::*
cpe:2.3:a:adobe:air:1.5.3:::::::*
cpe:2.3:a:adobe:air:1.5:::::::*
cpe:2.3:a:adobe:air:1.0:::::::*
cpe:2.3:a:adobe:air:1.1:::::::*
cpe:2.3:a:adobe:air::::::::		1.5.3.9130
cpe:2.3:a:adobe:air:1.5.1:::::::*