CVE-2010-3976

Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
adobeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
adobeflash_player
𝑥
≤ 9.0.277.0
adobeflash_player
9.0.16
adobeflash_player
9.0.18d60:d60
adobeflash_player
9.0.20
adobeflash_player
9.0.20.0
adobeflash_player
9.0.28
adobeflash_player
9.0.28.0
adobeflash_player
9.0.31
adobeflash_player
9.0.31.0
adobeflash_player
9.0.45.0
adobeflash_player
9.0.47.0
adobeflash_player
9.0.48.0
adobeflash_player
9.0.112.0
adobeflash_player
9.0.114.0
adobeflash_player
9.0.115.0
adobeflash_player
9.0.124.0
adobeflash_player
9.0.125.0
adobeflash_player
9.0.151.0
adobeflash_player
9.0.152.0
adobeflash_player
9.0.155.0
adobeflash_player
9.0.159.0
adobeflash_player
9.0.246.0
adobeflash_player
9.0.260.0
adobeflash_player
9.0.262.0
adobeflash_player
𝑥
≤ 10.1.92.10
adobeflash_player
10.0.0.584
adobeflash_player
10.0.12.10
adobeflash_player
10.0.12.36
adobeflash_player
10.0.15.3
adobeflash_player
10.0.22.87
adobeflash_player
10.0.32.18
adobeflash_player
10.0.42.34
adobeflash_player
10.0.45.2
adobeflash_player
10.1.52.14.1
adobeflash_player
10.1.52.15
adobeflash_player
10.1.53.64
adobeflash_player
10.1.82.76
adobeflash_player
10.1.85.3
adobeflash_player
10.1.92.8
adobeflash_player
10.1.95.1
adobeflash_player
10.1.95.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
flashplugin-nonfree
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
ignored
hardy
not-affected
dapper
not-affected
References
http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
http://marc.info/?l=bugtraq&m=130331642631603&w=2
http://marc.info/?l=bugtraq&m=130331642631603&w=2
http://secunia.com/advisories/43026
http://security.gentoo.org/glsa/glsa-201101-09.xml
http://support.apple.com/kb/HT4435
http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt
http://www.adobe.com/support/security/bulletins/apsb10-26.html
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html
http://www.securityfocus.com/archive/1/514653/100/0/threaded
http://www.securityfocus.com/bid/44671
http://www.vupen.com/english/advisories/2010/2903
http://www.vupen.com/english/advisories/2011/0192
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926
http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
http://marc.info/?l=bugtraq&m=130331642631603&w=2
http://marc.info/?l=bugtraq&m=130331642631603&w=2
http://secunia.com/advisories/43026
http://security.gentoo.org/glsa/glsa-201101-09.xml
http://support.apple.com/kb/HT4435
http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt
http://www.adobe.com/support/security/bulletins/apsb10-26.html
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html
http://www.securityfocus.com/archive/1/514653/100/0/threaded
http://www.securityfocus.com/bid/44671
http://www.vupen.com/english/advisories/2010/2903
http://www.vupen.com/english/advisories/2011/0192
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926